Secret and endpoint standardisation.

This PS moves keystone credentials to the endpoints section within
the values.yaml, and also adds a 'secrets' key, allowing standardisation
of secrets and credential management across OpenStack-Helm.

Change-Id: I86a21e625afd822379ac11351603b2c606a3769f
Pete Birley 2017-07-02 19:43:43 -05:00
parent 6f3f72f57e
commit c221fa5248
117 changed files with 1085 additions and 1084 deletions


@ -20,6 +20,25 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
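Review bot: The added `password` guard copies `.Values.endpoints.identity.auth.user.password` into `.Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token`, so the service credential now lives in the `conf` tree as well as in the Secret named by `secrets.identity.user`. Where that tree is rendered is outside this hunk; if it ends up in a ConfigMap rather than a Secret, the password is readable by anyone who can read ConfigMaps in the namespace, which is worth confirming before relying on the new layout. The `empty` guards also pass silently when the endpoint value is itself unset, so a template comment such as `{{/* falls back to endpoints.identity.auth.user.*; an explicit conf value wins, and both empty renders a blank option */}}` above the block would document the precedence. The cinder config template later on this page adds the same six guards.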


@ -41,7 +41,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: barbican-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/barbican/barbican.conf value: /etc/barbican/barbican.conf
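Review bot: The new `name: {{ .Values.secrets.oslo_db.admin }}` renders the Secret name unquoted, while `SERVICE_OS_ROLE` in the ks-user job of this same change goes through `quote`. An override that is empty, or that looks like a number or boolean, changes the YAML type of `secretKeyRef.name` and would probably surface only when the manifest is applied; `name: {{ .Values.secrets.oslo_db.admin | quote }}` keeps it a string. The cinder db-init section further down has the same line. The container spec continues outside the hunk.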


@ -11,7 +11,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -48,7 +47,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -11,7 +11,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -47,7 +46,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -10,8 +10,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "barbican-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1 apiVersion: batch/v1
@ -47,16 +45,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "barbican" value: "barbican"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.barbican_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:
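Review bot: In the `env:` block the admin lookup is written as `$envAll.Values.secrets.identity.admin` while the user lookup a few lines below uses `.Values.secrets.identity.user`, so the same values tree is reached through two different roots within one template. Both should resolve identically here because the `with` argument is evaluated in the outer scope, but the mix makes the block fragile if it is later moved inside a `range` or `with`. Since `$envAll` is already bound at the top of the file, `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}` would be consistent. The cinder ks-user, bootstrap and test templates on this page use `.Values` for these lookups, so one convention across charts would help. The Job spec starts and ends outside the hunk.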


@ -11,20 +11,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ .Values.keystone_secrets.stack }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
OS_AUTH_URL: | DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} {{- end }}
OS_REGION_NAME: |
{{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: |
{{ .Values.conf.heat.default.heat.common.config.stack_user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin_password | b64enc | indent 4 }}
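Review bot: `index $envAll.Values.secrets.oslo_db $userClass` yields an empty value when an operator's override of `secrets.oslo_db` omits `admin` or `user`, and `name: {{ $secretName }}` then renders a Secret with no name instead of failing with a clear message. If the Helm version in use provides `required`, `{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass | required "secrets.oslo_db entry missing" }}` would fail the render early; otherwise quoting the name and adding a template comment about the two mandatory keys is the minimum. The loop also builds an authenticated `DB_CONNECTION` URI for both classes, so it presumably needs matching `admin` and `user` credentials under the `oslo_db` endpoint, which the values hunks on this page do not show. The identity Secret template in the next section and both cinder Secret templates use the same `range`/`index` pattern.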


@ -1,32 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: barbican-env-keystone-admin
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,32 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: barbican-env-keystone-user
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}


@ -1,3 +1,5 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
# You may obtain a copy of the License at # You may obtain a copy of the License at
@ -9,11 +11,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: barbican-db-root name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} {{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}


@ -45,22 +45,6 @@ network:
enabled: false enabled: false
port: 39486 port: 39486
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
barbican_user: "barbican"
barbican_user_domain: "default"
barbican_user_role: "admin"
barbican_password: "password"
barbican_project_name: "service"
barbican_project_domain: "default"
barbican_region_name: "RegionOne"
dependencies: dependencies:
db_init: db_init:
services: services:
@ -115,12 +99,6 @@ conf:
auth_token: auth_token:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: barbican
password: password
database: database:
oslo: oslo:
db: db:
@ -130,9 +108,34 @@ conf:
config: config:
bind_port: 9311 bind_port: 9311
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: barbican-keystone-admin
user: barbican-keystone-user
oslo_db:
admin: barbican-db-admin
user: barbican-db-user
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: barbican
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone
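Review bot: The new `endpoints.identity.auth` block ships `password: password` for both the `admin` and the `user` account, and nothing in the templates on this page rejects that default, so an install without overrides presumably ends up with Keystone Secrets holding a publicly known credential. The block also keeps `role: admin` for the barbican service user, which gives the service account full admin rights unless the operator narrows it. A comment directly above `auth:` such as `# Development defaults only: override every password, and review the user role, before deploying` would make the expectation explicit; leaving the passwords empty and failing the render would be stricter. The cinder values.yaml section later on this page adds the same block with the same defaults.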


@ -23,6 +23,25 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}


@ -14,7 +14,6 @@
{{- if .Values.bootstrap.enabled }} {{- if .Values.bootstrap.enabled }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.bootstrap }} {{- $dependencies := .Values.dependencies.bootstrap }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -44,7 +43,7 @@ spec:
command: command:
- /tmp/bootstrap.sh - /tmp/bootstrap.sh
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
volumeMounts: volumeMounts:


@ -43,7 +43,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: cinder-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/cinder/cinder.conf value: /etc/cinder/cinder.conf


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -12,8 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1 apiVersion: batch/v1
@ -49,16 +47,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "cinder" value: "cinder"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.cinder_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.tests }} {{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_cinder_tests := .Values.mounts.cinder_tests.cinder_tests }} {{- $mounts_cinder_tests := .Values.mounts.cinder_tests.cinder_tests }}
{{- $mounts_cinder_tests_init := .Values.mounts.cinder_tests.init_container }} {{- $mounts_cinder_tests_init := .Values.mounts.cinder_tests.init_container }}
@ -42,7 +41,7 @@ spec:
memory: {{ .Values.resources.tests.requests.memory | quote }} memory: {{ .Values.resources.tests.requests.memory | quote }}
{{- end }} {{- end }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }} {{- end }}
- name: RALLY_ENV_NAME - name: RALLY_ENV_NAME


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: cinder-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: cinder-env-keystone-admin
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: cinder-env-keystone-user
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}


@ -67,15 +67,6 @@ bootstrap:
group: group:
volume_backend_name: volume_backend_name:
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
cinder_user_role: "admin"
network: network:
api: api:
ingress: ingress:
@ -129,12 +120,6 @@ conf:
auth_token: auth_token:
auth_version: v3 auth_version: v3
auth_type: password auth_type: password
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: cinder
password: password
oslo_concurrency: oslo_concurrency:
oslo: oslo:
concurrency: concurrency:
@ -235,12 +220,37 @@ dependencies:
- service: volume - service: volume
endpoint: internal endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: cinder-keystone-admin
user: cinder-keystone-user
oslo_db:
admin: cinder-db-admin
user: cinder-db-user
# We use a different layout of the endpoints here to account for versioning # We use a different layout of the endpoints here to account for versioning
# this swaps the service name and type, and should be rolled out to other # this swaps the service name and type, and should be rolled out to other
# services. # services.
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: cinder
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone


@ -29,6 +29,44 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -66,6 +104,7 @@
{{- tuple "image" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance.default.glance.api "public_endpoint" | quote | trunc 0 -}} {{- tuple "image" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance.default.glance.api "public_endpoint" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
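Review bot: The added `set ... "password" .Values.endpoints.identity.auth.user.password` blocks copy the keystone service password into `.Values.conf.glance` and `.Values.conf.glance_registry`, and this template then declares `kind: ConfigMap`, so the password presumably ends up in a ConfigMap in clear text rather than in the Secret objects this commit introduces. The part that renders the conf tree is outside the hunk, so that is inferred from what is visible. The heat configmap hunk in this commit follows the same pattern for the service, trustee and stack-domain passwords. Rendering the generated `.conf` files into a Secret, or keeping the password out of the conf tree and injecting it from the keystone Secret, would keep it out of ConfigMap reads. Failing that, a template comment such as `{{/* auth_token.password is rendered into the ConfigMap below */}}` would make the exposure explicit.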


@ -13,8 +13,8 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.bootstrap }} {{- $dependencies := .Values.dependencies.bootstrap }}
---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@ -41,7 +41,7 @@ spec:
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }} memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
{{- end }} {{- end }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
command: command:


@ -43,7 +43,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: glance-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/glance/glance-api.conf value: /etc/glance/glance-api.conf
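Review bot: `name: {{ .Values.secrets.oslo_db.admin }}` is emitted unquoted, so an overridden secret name that is empty or looks like a number or boolean is retyped or becomes null when the rendered YAML is parsed. Writing `name: {{ .Values.secrets.oslo_db.admin | quote }}` keeps it a string, matching how the neighbouring `value:` lines in these jobs already use `| quote`. The same applies to the heat db-init hunk and to the `name: {{ $secretName }}` lines in the new secret templates. The container spec continues outside the hunk.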


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -11,10 +11,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -11,11 +11,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "glance-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@ -49,16 +47,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "glance" value: "glance"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.glance_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.tests }} {{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_glance_tests := .Values.mounts.glance_tests.glance_tests }} {{- $mounts_glance_tests := .Values.mounts.glance_tests.glance_tests }}
{{- $mounts_glance_tests_init := .Values.mounts.glance_tests.init_container }} {{- $mounts_glance_tests_init := .Values.mounts.glance_tests.init_container }}
@ -42,7 +41,7 @@ spec:
memory: {{ .Values.resources.tests.requests.memory | quote }} memory: {{ .Values.resources.tests.requests.memory | quote }}
{{- end }} {{- end }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }} {{- end }}
- name: RALLY_ENV_NAME - name: RALLY_ENV_NAME


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: glance-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
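Review bot: `index $envAll.Values.secrets.oslo_db $userClass` has no guard, so if an override nulls or drops the `admin` or `user` key the template still emits a Secret whose `metadata.name` is empty or `<no value>`, and the mistake only surfaces when the API server rejects the object. Failing at render time is clearer, e.g. `{{- $secretName := required "secrets.oslo_db entry missing" (index $envAll.Values.secrets.oslo_db $userClass) }}`, provided the Helm version in use has `required`. The heat copy of this template and the keystone secret templates share the pattern. A short comment noting that each Secret holds the full authenticated DB URI for that user class would also help.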


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: glance-env-keystone-admin
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: glance-env-keystone-user
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
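Review bot: Both user classes are passed `"internal"` here, whereas the deleted admin secret built `OS_AUTH_URL` from `tuple "identity" "admin" "admin"`. If `helm-toolkit.snippets.keystone_secret_openrc` uses that argument to pick the endpoint (its body is not on this page), the admin-credential jobs now authenticate against the internal identity endpoint instead of the admin one. If that is intended, a template comment such as `{{/* admin credentials intentionally use the internal identity endpoint */}}` would record the decision. Otherwise the endpoint type should be chosen per class.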


@ -76,16 +76,6 @@ bootstrap:
hypervisor_type: "qemu" hypervisor_type: "qemu"
os_distro: "cirros" os_distro: "cirros"
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
glance_user_role: "admin"
conf: conf:
rally_tests: rally_tests:
override: override:
@ -120,12 +110,6 @@ conf:
auth_token: auth_token:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: glance
password: password
glance_store: glance_store:
glance: glance:
store: store:
@ -151,12 +135,6 @@ conf:
auth_token: auth_token:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: glance
password: password
network: network:
api: api:
@ -296,12 +274,37 @@ dependencies:
- service: image - service: image
endpoint: internal endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: glance-keystone-admin
user: glance-keystone-user
oslo_db:
admin: glance-db-admin
user: glance-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
# required by this chart # required by this chart
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: glance
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone


@ -23,6 +23,54 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.heat.common.context.region_name -}}
{{- set .Values.conf.heat.trustee.heat.common.context "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.heat.common.context.project_name -}}
{{- set .Values.conf.heat.trustee.heat.common.context "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.heat.common.context.project_domain_name -}}
{{- set .Values.conf.heat.trustee.heat.common.context "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.heat.common.context.user_domain_name -}}
{{- set .Values.conf.heat.trustee.heat.common.context "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.heat.common.context.username -}}
{{- set .Values.conf.heat.trustee.heat.common.context "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.heat.common.context.password -}}
{{- set .Values.conf.heat.trustee.heat.common.context "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.default.heat.common.config.stack_user_domain_name -}}
{{- set .Values.conf.heat.default.heat.common.config "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.default.heat.common.config.stack_domain_admin -}}
{{- set .Values.conf.heat.default.heat.common.config "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.default.heat.common.config.stack_domain_admin_password -}}
{{- set .Values.conf.heat.default.heat.common.config "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
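Review bot: `stack_user_domain_name` is filled from `.Values.endpoints.identity.auth.stack_user.region_name`, which looks like a copy-paste slip, since a region name is not a domain name. The ks-user job in this commit reads `OS_DOMAIN_NAME` from the stack-user secret, so, assuming the `stack_user` entry in heat's values carries a `domain_name` key (those values are not in view), the source should be `.Values.endpoints.identity.auth.stack_user.domain_name`. As written, heat would presumably be configured with a stack domain named after the region, which would not match the domain the job creates.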


@ -43,7 +43,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: heat-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/heat/heat.conf value: /etc/heat/heat.conf


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -14,11 +14,7 @@
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
{{- $ksUserSecret := .Values.keystone_secrets.user }}
# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user
{{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }}
{{- $ksStackUserSecret := .Values.keystone_secrets.stack }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@ -52,21 +48,20 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "heat" value: "heat"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.heat_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
- name: heat-ks-trustee-user - name: heat-ks-trustee-user
image: {{ .Values.images.ks_user }} image: {{ .Values.images.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
command: command:
- bash
- /tmp/ks-user.sh - /tmp/ks-user.sh
volumeMounts: volumeMounts:
- name: ks-user-sh - name: ks-user-sh
@ -74,21 +69,20 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "heat" value: "heat"
{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.heat_trustee_role | quote }} value: {{ .Values.endpoints.identity.auth.trustee.role | quote }}
- name: heat-ks-domain-user - name: heat-ks-domain-user
image: {{ .Values.images.ks_user }} image: {{ .Values.images.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
command: command:
- bash
- /tmp/ks-domain-user.sh - /tmp/ks-domain-user.sh
volumeMounts: volumeMounts:
- name: ks-user-sh - name: ks-user-sh
@ -96,7 +90,7 @@ spec:
subPath: ks-domain-user.sh subPath: ks-domain-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
@ -104,25 +98,25 @@ spec:
- name: SERVICE_OS_REGION_NAME - name: SERVICE_OS_REGION_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ $ksStackUserSecret }} name: {{ .Values.secrets.identity.stack_user }}
key: OS_REGION_NAME key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME - name: SERVICE_OS_DOMAIN_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ $ksStackUserSecret }} name: {{ .Values.secrets.identity.stack_user }}
key: OS_DOMAIN_NAME key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME - name: SERVICE_OS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ $ksStackUserSecret }} name: {{ .Values.secrets.identity.stack_user }}
key: OS_USERNAME key: OS_USERNAME
- name: SERVICE_OS_PASSWORD - name: SERVICE_OS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ $ksStackUserSecret }} name: {{ .Values.secrets.identity.stack_user }}
key: OS_PASSWORD key: OS_PASSWORD
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.heat_stack_user_role | quote }} value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:
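Review bot: Dropping `- bash` from the `heat-ks-trustee-user` and `heat-ks-domain-user` commands means `/tmp/ks-user.sh` and `/tmp/ks-domain-user.sh` are now executed directly, which only works if the `ks-user-sh` configMap volume mounts them with an executable mode. The `volumes:` entry continues outside the hunk, so it is not visible whether `defaultMode` is set; configMap files are mounted 0644 by default, in which case both containers would fail with a permission error. Either keep `- bash` in both commands or set `defaultMode: 0555` on the volume. The command of the first container, `heat-ks-user`, is also outside the hunk and should be checked for the same mismatch.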


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: heat-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.keystone_secrets.admin }}
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.keystone_secrets.trustee }}
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.heat_trustee_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.heat.trustee.heat.common.context.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.heat.trustee.heat.common.context.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.heat.trustee.heat.common.context.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.heat.trustee.heat.common.context.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.heat.trustee.heat.common.context.password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.keystone_secrets.user }}
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}


@ -0,0 +1,37 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" "trustee" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $envAll.Values.secrets.identity.stack_user }}
type: Opaque
data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }}
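Review bot: The `admin` class is passed `"internal"` in `tuple $userClass "internal" $envAll`, so the admin Secret's OS_AUTH_URL is now built from the internal `api` endpoint, whereas the Secret this file replaces used `tuple "identity" "admin" "admin"`. If the switch is intended it deserves a line in the commit message; if not, the endpoint type has to be chosen per class rather than fixed for the whole `range`. The keystone and magnum secret-keystone templates later in this commit make the same call. Separately, the `| indent 4` on the five stack_user lines is left over from the old block-scalar layout and now only pads an inline value. Those lines also read `.Values` where the rest of the file uses `$envAll.Values`.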


@ -64,29 +64,6 @@ termination_grace_period:
cloudwatch: cloudwatch:
timeout: 30 timeout: 30
keystone_secrets:
admin: "heat-env-keystone-admin"
user: "heat-env-keystone-user"
trustee: "heat-env-keystone-trustee"
stack: "heat-env-keystone-stack-user"
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
heat_user_role: "admin"
heat_trustee_role: "admin"
heat_trustee_region_name: "RegionOne"
heat_stack_user_role: "admin"
heat_stack_region_name: "RegionOne"
conf: conf:
paste: paste:
override: override:
@ -101,9 +78,6 @@ conf:
heat: heat:
common: common:
config: config:
stack_user_domain_name: heat
stack_domain_admin: heat-domain
stack_domain_admin_password: password
num_engine_workers: 4 num_engine_workers: 4
trusts_delegated_roles: _member_ trusts_delegated_roles: _member_
keystone_authtoken: keystone_authtoken:
@ -111,24 +85,12 @@ conf:
auth_token: auth_token:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: heat
password: password
trustee: trustee:
heat: heat:
common: common:
context: context:
auth_section: trustee auth_section: trustee
auth_type: password auth_type: password
password: password
user_domain_name: default
username: heat-trust
project_domain_name: default
project_name: service
region_name: RegionOne
auth_version: v3 auth_version: v3
heat_api: heat_api:
heat: heat:
@ -249,12 +211,53 @@ dependencies:
- service: identity - service: identity
endpoint: internal endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: heat-keystone-admin
user: heat-keystone-user
trustee: heat-keystone-trustee
stack_user: heat-keystone-stack-user
oslo_db:
admin: heat-db-admin
user: heat-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
# required by this chart # required by this chart
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: heat
password: password
project_name: service
user_domain_name: default
project_domain_name: default
trustee:
role: admin
region_name: RegionOne
username: heat-trust
password: password
project_name: service
user_domain_name: default
project_domain_name: default
stack_user:
role: admin
region_name: RegionOne
username: heat-trust
password: password
domain_name: heat
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone
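Review bot: `endpoints.identity.auth.stack_user.username` is set to `heat-trust`, the same name as the `trustee` user directly above it, while the removed `stack_domain_admin` value in this file was `heat-domain`. This looks like a copy of the trustee block. With both classes sharing a user name, the stack-domain admin and the trustee become hard to tell apart in audit logs and during credential rotation, even if they live in different domains. Unless the rename is deliberate I would restore `username: heat-domain` under `stack_user`.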


@ -0,0 +1,27 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- define "helm-toolkit.snippets.keystone_secret_openrc" }}
{{- $userClass := index . 0 -}}
{{- $identityEndpoint := index . 1 -}}
{{- $context := index . 2 -}}
{{- $userContext := index $context.Values.endpoints.identity.auth $userClass }}
OS_AUTH_URL: {{ tuple "identity" $identityEndpoint "api" $context | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
OS_REGION_NAME: {{ $userContext.region_name | b64enc }}
OS_PROJECT_DOMAIN_NAME: {{ $userContext.project_domain_name | b64enc }}
OS_PROJECT_NAME: {{ $userContext.project_name | b64enc }}
OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }}
OS_USERNAME: {{ $userContext.username | b64enc }}
OS_PASSWORD: {{ $userContext.password | b64enc }}
{{- end }}
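Review bot: The new `helm-toolkit.snippets.keystone_secret_openrc` define has no usage comment, so its three positional arguments can only be discovered by reading the `index . 0`, `index . 1` and `index . 2` lines. I would add a template comment above the `define` stating that it takes a tuple of user class (a key under `endpoints.identity.auth`), identity endpoint type, and the root context, and that it emits base64-encoded entries the caller must indent under `data:`. A class missing from `endpoints.identity.auth` leaves `$userContext` empty, so every field lookup after it has nothing to encode. An explicit failure naming the missing class would be easier to diagnose than whatever the template engine reports there.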


@ -19,10 +19,10 @@ set -ex
keystone-manage --config-file=/etc/keystone/keystone.conf db_sync keystone-manage --config-file=/etc/keystone/keystone.conf db_sync
keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \ keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
--bootstrap-username {{ .Values.keystone.admin_user }} \ --bootstrap-username ${OS_USERNAME} \
--bootstrap-password {{ .Values.keystone.admin_password }} \ --bootstrap-password ${OS_PASSWORD} \
--bootstrap-project-name {{ .Values.keystone.admin_project_name }} \ --bootstrap-project-name ${OS_PROJECT_NAME} \
--bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \ --bootstrap-admin-url ${OS_BOOTSTRAP_ADMIN_URL} \
--bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \ --bootstrap-public-url ${OS_BOOTSTRAP_PUBLIC_URL} \
--bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \ --bootstrap-internal-url ${OS_BOOTSTRAP_INTERNAL_URL} \
--bootstrap-region-id {{ .Values.keystone.admin_region_name }} --bootstrap-region-id ${OS_REGION_NAME}
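Review bot: `--bootstrap-password ${OS_PASSWORD}` is expanded unquoted in a script that runs under `set -ex` (visible in the hunk header), so the shell trace writes the admin password to the job log, and the value is word-split if it contains whitespace or glob characters. Quote every expansion, e.g. `--bootstrap-password "${OS_PASSWORD}" \`, and put `set +x` before the `bootstrap` command with `set -x` after it. As far as I know keystone-manage can also take the password from the `OS_BOOTSTRAP_PASSWORD` environment variable, which would keep it off the command line entirely; worth confirming for the keystone release this chart targets. The top of the script is outside the hunk.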


@ -14,7 +14,6 @@
{{- if .Values.bootstrap.enabled }} {{- if .Values.bootstrap.enabled }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "keystone-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.bootstrap }} {{- $dependencies := .Values.dependencies.bootstrap }}
{{- $mounts_keystone_bootstrap := .Values.mounts.keystone_bootstrap.keystone_bootstrap }} {{- $mounts_keystone_bootstrap := .Values.mounts.keystone_bootstrap.keystone_bootstrap }}
{{- $mounts_keystone_bootstrap_init := .Values.mounts.keystone_bootstrap.init_container }} {{- $mounts_keystone_bootstrap_init := .Values.mounts.keystone_bootstrap.init_container }}
@ -45,7 +44,7 @@ spec:
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }} memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
{{- end }} {{- end }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
command: command:


@ -47,7 +47,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: keystone-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/keystone/keystone.conf value: /etc/keystone/keystone.conf


@ -43,6 +43,16 @@ spec:
cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }} cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }} memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
{{- end }} {{- end }}
env:
- name: OS_BOOTSTRAP_ADMIN_URL
value: {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- name: OS_BOOTSTRAP_PUBLIC_URL
value: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- name: OS_BOOTSTRAP_INTERNAL_URL
value: {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
command: command:
- /tmp/db-sync.sh - /tmp/db-sync.sh
volumeMounts: volumeMounts:
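Review bot: `OS_BOOTSTRAP_PUBLIC_URL` is built from `tuple "identity" "internal" "api"` and `OS_BOOTSTRAP_INTERNAL_URL` from `tuple "identity" "public" "api"`, which swaps the two relative to what db-sync.sh passed before this commit, where `--bootstrap-public-url` used the public lookup and `--bootstrap-internal-url` the internal one. As written, keystone would be bootstrapped with its public and internal catalogue entries exchanged, so external clients could be handed the internal address and vice versa. The value under OS_BOOTSTRAP_PUBLIC_URL should be `{{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}`, with the `"internal"` lookup under OS_BOOTSTRAP_INTERNAL_URL. The container spec continues outside the hunk.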


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "keystone-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.tests }} {{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_keystone_tests := .Values.mounts.keystone_tests.keystone_tests }} {{- $mounts_keystone_tests := .Values.mounts.keystone_tests.keystone_tests }}
{{- $mounts_keystone_tests_init := .Values.mounts.keystone_tests.init_container }} {{- $mounts_keystone_tests_init := .Values.mounts.keystone_tests.init_container }}
@ -42,7 +41,7 @@ spec:
memory: {{ .Values.resources.tests.requests.memory | quote }} memory: {{ .Values.resources.tests.requests.memory | quote }}
{{- end }} {{- end }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }} {{- end }}
- name: RALLY_ENV_NAME - name: RALLY_ENV_NAME


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: keystone-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: keystone-env-keystone-admin
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -11,11 +11,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: mistral-db-root name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} {{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}


@ -48,14 +48,7 @@ termination_grace_period:
timeout: 30 timeout: 30
keystone: keystone:
version: v3
scheme: http
admin_region_name: RegionOne
admin_user: admin
admin_password: password
admin_project_name: admin
admin_user_domain: default
admin_project_domain: default
bootstrap: bootstrap:
enabled: true enabled: true
@ -194,12 +187,28 @@ conf:
enabled: true enabled: true
backend: dogpile.cache.memcached backend: dogpile.cache.memcached
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: keystone-keystone-admin
oslo_db:
admin: keystone-db-admin
user: keystone-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
# required by this chart # required by this chart
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone
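Review bot: The new `endpoints.identity.auth.admin` block ships `password: password` as the chart default for the cloud admin account, and the heat and magnum values files in this commit carry the same default for every user class. Since this commit centralises credentials, it is a good moment to leave the password defaults empty and have the secret templates fail when one is unset, so a deployment cannot come up with the published default. At minimum I would add a comment above `auth:` such as `# override every password below; the defaults are for development only`.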


@ -23,6 +23,25 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
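Review bot: The added `set` calls for `username` and `password` copy `endpoints.identity.auth.user` credentials into `.Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token`. If the rest of this template, which is outside the hunk, renders that tree into a ConfigMap, the service password is readable by anyone allowed to read ConfigMaps in the namespace, even though the commit also creates a Secret for it. Worth confirming where the rendered magnum.conf is stored and adding a comment above the `password` block that says so. If it is a ConfigMap, the file should be delivered through a Secret instead.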


@ -43,7 +43,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: magnum-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/magnum/magnum.conf value: /etc/magnum/magnum.conf


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -12,8 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "magnum-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "magnum-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1 apiVersion: batch/v1
@ -49,16 +47,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "magnum" value: "magnum"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.magnum_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: magnum-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.keystone_secrets.admin }}
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.keystone_secrets.user }}
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}


@ -17,7 +17,6 @@
# Declare name/value pairs to be passed into your templates. # Declare name/value pairs to be passed into your templates.
# name: value # name: value
replicas: replicas:
api: 1 api: 1
conductor: 1 conductor: 1
@ -52,20 +51,6 @@ termination_grace_period:
api: api:
timeout: 30 timeout: 30
keystone_secrets:
admin: "magnum-env-keystone-admin"
user: "magnum-env-keystone-user"
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
magnum_user_role: "admin"
conf: conf:
paste: paste:
override: override:
@ -146,12 +131,37 @@ dependencies:
- service: identity - service: identity
endpoint: internal endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: magnum-keystone-admin
user: magnum-keystone-user
oslo_db:
admin: magnum-db-admin
user: magnum-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
# required by this chart # required by this chart
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: magnum
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone
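Review bot: The new `endpoints.identity.auth` block ships `password: password` for both the admin and the service user, plus `role: admin` for the service user, with nothing marking them as placeholders. The values are carried over from the removed `keystone:` block, but an install that forgets to override them still ends up with a well-known password on admin-role accounts. I would add a comment above `auth:` such as `# placeholder credentials - override per environment, never deploy as-is`, and keep the string values quoted (`password: "password"`) as the removed block did. The mistral and neutron values.yaml sections later in this commit add the same block.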


@ -22,6 +22,25 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}


@ -43,7 +43,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: mistral-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/mistral/mistral.conf value: /etc/mistral/mistral.conf
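Review bot: `name: {{ .Values.secrets.oslo_db.admin }}` is emitted unquoted and unchecked, so an override that drops or empties `secrets.oslo_db.admin` renders `name:` as null and the problem surfaces only when the manifest is applied. `name: {{ .Values.secrets.oslo_db.admin | quote }}` keeps the value a string, and `{{ required "secrets.oslo_db.admin must be set" .Values.secrets.oslo_db.admin | quote }}` would fail at render time instead. The container spec continues outside the hunk, and the neutron and nova db-init hunks later in this commit use the same unquoted form.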


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -12,8 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "mistral-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1 apiVersion: batch/v1
@ -49,16 +47,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "mistral" value: "mistral"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.mistral_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:
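Review bot: The two `with` lines on the new side reach the same values tree through different roots: the admin one uses `$envAll.Values.secrets.identity.admin`, the user one `.Values.secrets.identity.user`. Both resolve identically here, but the file already binds `$envAll := .` for this purpose, and the bare `.Values` form stops working if the block is ever moved inside a `range` or `with`. I would write the second as `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}` and use `$envAll.Values.endpoints.identity.auth.user.role` for SERVICE_OS_ROLE. The Job spec continues outside both hunks.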


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}


@ -1,35 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: mistral-env-keystone-admin
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: mistral-env-keystone-user
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}


@ -17,7 +17,6 @@
# Declare name/value pairs to be passed into your templates. # Declare name/value pairs to be passed into your templates.
# name: value # name: value
replicas: replicas:
api: 1 api: 1
engine: 1 engine: 1
@ -56,26 +55,6 @@ termination_grace_period:
api: api:
timeout: 30 timeout: 30
keystone_secrets:
admin: "mistral-env-keystone-admin"
user: "mistral-env-keystone-user"
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
mistral_user: "mistral"
mistral_user_domain: "default"
mistral_user_role: "admin"
mistral_password: "password"
mistral_project_name: "service"
mistral_project_domain: "default"
mistral_region_name: "RegionOne"
network: network:
api: api:
ingress: ingress:
@ -150,12 +129,37 @@ dependencies:
- service: identity - service: identity
endpoint: internal endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: mistral-keystone-admin
user: mistral-keystone-user
oslo_db:
admin: mistral-db-admin
user: mistral-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
# required by this chart # required by this chart
endpoints: endpoints:
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: mistral
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone


@ -33,6 +33,25 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end }} {{- end }}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end }} {{- end }}


@ -34,7 +34,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: neutron-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/neutron/neutron.conf value: /etc/neutron/neutron.conf


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -12,8 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "neutron-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1 apiVersion: batch/v1
@ -49,16 +47,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "neutron" value: "neutron"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.neutron_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.tests }} {{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_neutron_tests := .Values.mounts.neutron_tests.neutron_tests }} {{- $mounts_neutron_tests := .Values.mounts.neutron_tests.neutron_tests }}
{{- $mounts_neutron_tests_init := .Values.mounts.neutron_tests.init_container }} {{- $mounts_neutron_tests_init := .Values.mounts.neutron_tests.init_container }}
@ -32,7 +31,7 @@ spec:
- name: {{.Release.Name}}-token-issue-test - name: {{.Release.Name}}-token-issue-test
image: {{ .Values.images.test }} image: {{ .Values.images.test }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }} {{- end }}
- name: RALLY_ENV_NAME - name: RALLY_ENV_NAME


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: neutron-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: neutron-env-keystone-admin
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.admin_password | b64enc | indent 4 }}


@ -1,34 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: neutron-env-keystone-user
type: Opaque
data:
OS_AUTH_URL: |
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: |
{{ .Values.keystone.neutron_region_name | b64enc | indent 4 }}
OS_PROJECT_DOMAIN_NAME: |
{{ .Values.keystone.neutron_project_domain | b64enc | indent 4 }}
OS_PROJECT_NAME: |
{{ .Values.keystone.neutron_project_name | b64enc | indent 4 }}
OS_USER_DOMAIN_NAME: |
{{ .Values.keystone.neutron_user_domain | b64enc | indent 4 }}
OS_USERNAME: |
{{ .Values.keystone.neutron_user | b64enc | indent 4 }}
OS_PASSWORD: |
{{ .Values.keystone.neutron_password | b64enc | indent 4 }}


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}


@ -134,23 +134,6 @@ network:
metadata: metadata:
port: 8775 port: 8775
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
neutron_user: "neutron"
neutron_user_domain: "default"
neutron_user_role: "admin"
neutron_password: "password"
neutron_project_name: "service"
neutron_project_domain: "default"
neutron_region_name: "RegionOne"
metadata: metadata:
workers: 4 workers: 4
@ -374,12 +357,6 @@ conf:
auth_token: auth_token:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: neutron
password: password
ml2_conf: ml2_conf:
override: override:
append: append:
@ -488,6 +465,14 @@ conf:
override: override:
append: append:
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: neutron-keystone-admin
user: neutron-keystone-user
oslo_db:
admin: neutron-db-admin
user: neutron-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -548,6 +533,22 @@ endpoints:
default: 6080 default: 6080
identity: identity:
name: keystone name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: neutron
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts: hosts:
default: keystone-api default: keystone-api
public: keystone public: keystone


@ -23,6 +23,25 @@
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.username -}}
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.password -}}
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} {{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.bootstrap }} {{- $dependencies := .Values.dependencies.bootstrap }}
{{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }} {{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }}
{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }} {{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }}
@ -45,7 +44,7 @@ spec:
command: command:
- /tmp/bootstrap.sh - /tmp/bootstrap.sh
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
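Review bot: The removed `$ksAdminSecret` line carried a fallback (`| default "nova-env-keystone-admin"`), and its replacement `dict "ksUserSecret" .Values.secrets.identity.admin` has none. If `secrets.identity.admin` is empty or unset, an empty secret name is handed to `helm-toolkit.snippets.keystone_openrc_env_vars` instead of the render failing. The chart's values.yaml is not visible here, so the shipped defaults presumably cover it; the exposure is operator overrides. If the Helm version in use provides `required`, a guard such as `{{- with $env := dict "ksUserSecret" (required "secrets.identity.admin must be set" .Values.secrets.identity.admin) }}` turns that into a clear render-time error. The same applies to the ks-endpoints, ks-service, ks-user and token-issue-test sections below.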


@ -43,7 +43,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: nova-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/nova/nova.conf value: /etc/nova/nova.conf
@ -80,7 +80,7 @@ spec:
- name: ROOT_DB_CONNECTION - name: ROOT_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: nova-db-root name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE - name: OPENSTACK_CONFIG_FILE
value: /etc/nova/nova.conf value: /etc/nova/nova.conf
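Review bot: `name: {{ .Values.secrets.oslo_db.admin }}` is rendered unquoted in both `ROOT_DB_CONNECTION` entries. An empty or unset value therefore yields a bare `name:` (YAML null), and a value that looks like a number or boolean is retyped before Kubernetes sees it. The literal `nova-db-root` it replaces had neither problem. Quoting, as the ks-user job in this commit already does for its role, keeps the reference a string: `name: {{ .Values.secrets.oslo_db.admin | quote }}`. Both hunks start and end inside a larger container spec that is not visible here.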


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -50,7 +49,7 @@ spec:
subPath: ks-endpoints.sh subPath: ks-endpoints.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT - name: OS_SVC_ENDPOINT


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.ks_service }} {{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -49,7 +48,7 @@ spec:
subPath: ks-service.sh subPath: ks-service.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SERVICE_NAME - name: OS_SERVICE_NAME


@ -12,8 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
{{- $ksUserSecret := .Values.keystone.user_secret | default "nova-env-keystone-user" }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }} {{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1 apiVersion: batch/v1
@ -49,16 +47,16 @@ spec:
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "nova" value: "nova"
{{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.keystone.nova_user_role | quote }} value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:
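Review bot: This section reads the secret names as `.Values.secrets.identity.admin` and `.Values.secrets.identity.user`, while the ks-endpoints and ks-service jobs in the same commit use `$envAll.Values.secrets.identity.admin`. The file already defines `$envAll`, so one spelling would be easier to grep and review. It works as written because the `with` pipeline is evaluated before `.` is rebound to the dict, but a `.Values` reference moved into the `with` body would no longer resolve. That makes `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}` the safer habit. The bootstrap and token-issue-test sections use the same `.Values` form.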


@ -13,7 +13,6 @@
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.tests }} {{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_nova_tests := .Values.mounts.nova_tests.nova_tests }} {{- $mounts_nova_tests := .Values.mounts.nova_tests.nova_tests }}
{{- $mounts_nova_tests_init := .Values.mounts.nova_tests.init_container }} {{- $mounts_nova_tests_init := .Values.mounts.nova_tests.init_container }}
@ -32,7 +31,7 @@ spec:
- name: {{.Release.Name}}-token-issue-test - name: {{.Release.Name}}-token-issue-test
image: {{ .Values.images.test }} image: {{ .Values.images.test }}
env: env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }} {{- end }}
- name: RALLY_ENV_NAME - name: RALLY_ENV_NAME


@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db_api" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
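Review bot: Judging by the helper name, `DB_CONNECTION` holds a complete authenticated database URI for each of the `admin` and `user` classes, yet the template has no comment saying so or naming which workloads should reference each Secret. I would add a header comment after the license block, for example `# Renders one Secret per user class; DB_CONNECTION embeds the database password, so keep the admin Secret out of long-running pods.` Whether `helm-toolkit.endpoints.authenticated_endpoint_uri_lookup` percent-encodes the password is not visible here; if it does not, a password containing `@` or `/` would produce an unusable URI. Minor: `$key1` is unused, and `name: {{ $secretName }}` would be safer as `name: {{ $secretName | quote }}`.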
